Source: stunnel4 Version: 3:5.06-2 Severity: grave Tags: security upstream fixed-upstream
Hi, the following vulnerability was published for stunnel4. Could you please have a look at it. I was not able to isolate a fix yet, so just reporting to the BTS. CVE-2015-3644[0]: | Stunnel 5.00 through 5.13, when using the redirect option, does not | redirect client connections to the expected server after the initial | connection, which allows remote attackers to bypass authentication. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-3644 [1] https://www.stunnel.org/CVE-2015-3644.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org